composability and schedulability of real-time applications in open environments nathan fisher...
TRANSCRIPT
Composability and Schedulability of Real-TimeApplications in Open EnvironmentsNathan Fisher
Department of Computer ScienceWayne State University
Outline Background:
• Real-Time Systems.• Scheduling Algorithms.• Open Environments.
Prior Work. Our Results:
• Framework for real-time applications in an open environments.• Validation Tests: Composability & Schedulability
Open Questions & Summary. “Shameless” Plugs.
What is a Real-Time System?
System Correctness:• Logical.• Temporal.
Predictability is more important than performance.
Do all system computations satisfyassociated temporal constraints?
Background – Prior Work– Our Results– Open Questions
Examples of Real-Time Systems Real-Time System Examples:
• Safety Critical:• Avionic control, power plants, automotive, medical devices,
robotics …
• Consumer Electronics:• Cellular phones, MP3 players, digital video devices,…
• Networking:• Multimedia streams, QoS constraints, network processing,…
• …
Background – Prior Work– Our Results– Open Questions
Example: Air Traffic-Flight Control
stateestimator
stateestimator
stateestimator
air trafficcontrol
flightmanagement
flightcontrol
air data
navigation
virtual plant
virtual plant
operator-systeminterface
physical plant
from sensors
responses commands samplingrates maybe minutes
or evenhours
samplingrates maybe secs.
or msecs.
Control Subsystem/Application:set timer to interrupt periodically with period T;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog conversion;
od
Control Subsystem/Application:set timer to interrupt periodically with period T;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog conversion;
od
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System Processing platform.
• Uniprocessor.
• Unit speed:• (one unit of execution) per (one unit of time).
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System Processing platform. Real-Time workload:
• Job: basic unit of work.• Characterized by:
• Arrival-time.• Deadline.• Worst-case execution time.
• Preemptable.
time
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System Processing platform. Real-Time workload:
• Job: basic unit of work.• Characterized by:
• Arrival-time.• Deadline.• Worst-case execution time.
• Preemptable.
• Tasks: Recurrent set of jobs.
time
Background – Prior Work– Our Results– Open Questions
Tasks: Recurrent Jobs
time
0 10 20 30 40
Task A
Control-Subsystem Process A:set timer to interrupt periodically with period pA;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog
conversion;od
Control-Subsystem Process A:set timer to interrupt periodically with period pA;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog
conversion;od
Job: control invocation.
Period: invocation interval.
Period = 15Period = 15
Task A
Background – Prior Work– Our Results– Open Questions
Control-Subsystem Process A:set timer to interrupt periodically with period pA;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog
conversion;od
Control-Subsystem Process A:set timer to interrupt periodically with period pA;at each timer interrupt do
1. do analog-to-digital conversion to get input sample y;
2. compute control output u;3. output u and do digital-to-analog
conversion;od
Tasks: Recurrent Jobs
time
0 10 20 30 40
Task A
Period = 15Period = 15
Task A
Control-Subsystem Process B:set timer ….period pb
at each timer interrupt do…..
od
Control-Subsystem Process B:set timer ….period pb
at each timer interrupt do…..
od
Task B
Period = 30Period = 30
time
0 10 20 30 40
Task B
Background – Prior Work– Our Results– Open Questions
(ei) (ei) (ei) (ei) (ei)
0 pi 2pi 3pi 4pi
i = (ei,di,pi)
time
A Formal Model: Sporadic Task Model
Relative DeadlinePeriod
Worst case Execution
Requirement
Task Systems of n tasks: = {1,…, n}
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System Processing platform. Real-time workload. Scheduling algorithm:
• Earliest-Deadline-First (EDF): schedule the job with the nearest absolute deadline.
• Rate-Monotonic (RM): assign each task i priority equal to 1/pi (greater number greater priority); schedule the job with greatest priority.
Background – Prior Work– Our Results– Open Questions
Scheduling Algorithmsi = (ei,di,pi)
1= (2, 4, 4) =2= (3, 7, 7) =
EDF2
0 1 2 3 4 5 6 7 8time
1
2
0 1 2 3 4 5 6 7 8time
1
RM
Background – Prior Work– Our Results– Open Questions
Verification of a Real-Time System Given a real-time system specified by:
• Processing platform: P.• Real-time workload: .
• Scheduling Algorithm: A. Schedulability Analysis: determine whether all
jobs generated by task system meet all deadlines on P when scheduled according to A.
<P,,A>Y, is schedulable by
A on P.Schedulability TestN, is not schedulable
by A on P.
Background – Prior Work– Our Results– Open Questions
Known Verification TechniquesFor EDF-scheduled systems:
For RM-scheduled systems:
Theorem: Task system will always meet all deadlines on a uniprocessor platform when scheduled by EDF, if and only if for all t > 0,
tep
diti
ii
1,0max
Theorem: Task system will always meet all deadlines on a uniprocessor platform when scheduled by RM, if and only if for all i and integers k>0,
tep
tkedpkpkt j
i
j jiiii
1
1
::1,1
i = (ei,di,pi)
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System DesignApproach:
1. Determine, for every process of every system application, temporal requirements (i.e., period, execution time, etc.).
2. Specify each process in a task model (e.g., sporadic task model).
3. Verify temporal correctness of all tasks using schedulability analysis techniques.
Assumption: All processes of all real-time applications have been developed together and are known by the system designer.
Background – Prior Work– Our Results– Open Questions
Common Common PlatformPlatform
Traditional Real-Time System Design
stateestimator
stateestimator
stateestimator
air trafficcontrol
flightmanagement
flightcontrol
air data
navigation
virtual plant
virtual plant
operator-systeminterface
physical plant
from sensors
responses commandsConsider our air-traffic control example…Consider our air-traffic control example…
1 2 3
4 5
All subsystems All subsystems validated togethervalidated together
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System DesignDrawbacks:
1. All tasks in the system need to be validated together and known to system designer, a priori.
• Monolithic system design.
2. Each application on shared platform must use same scheduling algorithm.
3. Temporally-bad behavior of one task may affect other tasks.
Violation of System Design Principles:
• Encapsulation, Abstraction, & Dynamic Extensibility.
• Modularity & Hierarchical Design.
• Fault-containment.
Solution?Solution?
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environments Framework for composing real-time applications:
• Each application may be independently developed and verified.
• Each application runs inside a server which has local scheduler.
• Single interface expresses temporal requirements of application’s server which is scheduled by global scheduler.
• System uses composability test to determine whether applications can be co-executed on same platform.
Background – Prior Work– Our Results– Open Questions
Multiple independently-developed, real-
time applications co-execute upon
shared platform:
CPUglobal
scheduler
A1:
LocalScheduler
11
22
33
Real-Time Open Environments
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
22
……
I1
I2
Iq
Roughly speaking, A1, A2, …, Aq are composable if
1 Capacity Processor 21 qIII
AA11’s server’s server
Background – Prior Work– Our Results– Open Questions
Common Common PlatformPlatform
Traditional Real-Time System Design
stateestimator
stateestimator
stateestimator
air trafficcontrol
flightmanagement
flightcontrol
air data
navigation
virtual plant
virtual plant
operator-systeminterface
physical plant
from sensors
responses commands
1 2 3
4 5
AA11
AA22
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environment DesignApproach (for an application):
1. Determine, for every process of application, temporal requirements.
2. Specify each process in a task model (e.g., sporadic task model).
3. Define server interface for application.
4. Verify temporal correctness of all tasks in application server using schedulability analysis techniques.
Approach (system-wide):1. Verify temporal correctness of all applications via
composability test.
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System DesignAdvantages:
1. Application’s temporal constraints may be validated independently and need not be known a priori.
• Component-based design.
• Service-oriented design.
2. Each application on shared platform may use different scheduling algorithm.
3. Application servers isolate temporally-bad behavior of an application.
Adherence to System Design Principles:
• Encapsulation, Abstraction, & Dynamic Extensibility.
• Modularity & Hierarchical Design.
• Fault-containment.
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environment DesignApproach (for an application):
1. Determine, for every process of application, temporal requirements.
2. Specify each process in a task model (e.g., sporadic task model).
3. Define server interface for application.
4. Verify temporal correctness of all tasks in application server using schedulability analysis techniques.
Approach (system-wide):1. Verify temporal correctness of all applications via
composability test.
Focus ofFocus ofRemainder of talkRemainder of talk
Background – Prior Work– Our Results– Open Questions
Prior Work [Deng & Liu, 1997] introduced real-time open environments.• Two-level hierarchy.• EDF Global Scheduler.• Global resources.
CPUglobal
scheduler
A1:
LocalScheduler
11
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
22
……
RR11 RR22 RRmm……
EDFEDF
R1
R1
R1
R2
R2 Each resource could be device or global data
structure.
RMRM
EDFEDF
StaticStatic
I1
I2
Iq
Executed non-Executed non-preemptivelypreemptively
Background – Prior Work– Our Results– Open Questions
Prior Work [Deng & Liu, 1997] introduced real-time open environments.• Two-level hierarchy.• EDF Global Scheduler.• Global resources.
A1:
LocalScheduler
11
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
22
……
R1
R1
R1
R2
R2
RMRM
EDFEDF
StaticStatic
I1
I2
Iq
Interface Ii for each Application Server Ai:
• i: “speed” of server.
• i: maximum delay tolerable.
• i: maximum non-preemptive resource lock.
• i: length of shortest relative deadline in Ai.Ii < i, i, i, i>
Background – Prior Work– Our Results– Open Questions
Prior Work [Deng & Liu, 1997] introduced real-time open environments.• Two-level hierarchy.• EDF Global Scheduler.• Global resources.
Drawbacks:1. Only two levels possible.
2. Composability test provably non-optimal in the presence of global resources.
Ii < i, i, i, i>
Theorem: Applications A1, A2, …, Aq are composable if,
1max
max1
1
j
jii
qj
q
kkk
Background – Prior Work– Our Results– Open Questions
Prior Work [Feng & Mok, 2002] Bounded-Delay Resource Partition.• Unlimited hierarchal levels.• EDF or RM Global Scheduler.• Global resources.
CPUglobal
scheduler
A1:
LocalScheduler
11
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
22
……
RR11 RR22 RRmm……
R1
R1
R1
R2
R2
I1
I2
Iq
Executed non-Executed non-preemptivelypreemptively
Background – Prior Work– Our Results– Open Questions
Prior Work [Feng & Mok, 2002] Bounded-Delay Resource Partition.• Unlimited hierarchal levels.• EDF or RM Global Scheduler.• Global resources.
CPUglobal
scheduler
A1:
LocalScheduler
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
……
RR11 RR22 RRmm……
EDF orEDF orRMRM
R1
R1
R2
R2
RMRM
EDFEDF
StaticStatic
I1
I2
A1’
Iq
R1
Aq’
EDFEDF
RMRMBackground – Prior Work– Our Results– Open Questions
Prior Work [Feng & Mok, 2002] Bounded-Delay Resource Partition.• Unlimited hierarchal levels.• EDF or RM Global Scheduler.• Global resources.
A1:
LocalScheduler
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
……
R1
R1
R2
R2
RMRM
EDFEDF
StaticStatic
I1
I2
A1’
Iq
R1
Aq’
EDFEDF
RMRM
Interface Ii for each Application Server Ai:
• i: “speed” of server.
• i: maximum delay tolerable.
• i: maximum non-preemptive resource lock.
• i: length of shortest relative deadline in Ai.Ii < i, i, i >
Background – Prior Work– Our Results– Open Questions
Prior Work [Feng & Mok, 2002] Bounded-Delay Resource Partition.• Unlimited hierarchal levels.• EDF or RM Global Scheduler.• Global resources.
Drawbacks:1. Composability test provably non-optimal in the
presence of global resources.
Ii < i, i, i >
Theorem: Applications A1, A2, …, Aq are composable (without resources) if,
11
q
kk
Background – Prior Work– Our Results– Open Questions
Prior Work Drawback: Resource-Sharing
i = (ei,di,pi)
Composability test provably non-optimal in the presence of global resources.
1= (2, 3, 3) =2= (3, 9, 9) =
EDF2
0 1 2 3 4 5 6 7 8time
1
9
RR11
Non-optimality at application levelNon-optimality at application level..
Resource locked. Resource unlocked.Deadline miss!
Ai
Background – Prior Work– Our Results– Open Questions
Prior Work Drawback: Resource-Sharing
Also, on the system-wide level, an application can unnecessarily block another application.
Composability test provably non-optimal in the presence of global resources.
Background – Prior Work– Our Results– Open Questions
Our results: Goals
1. Obtain optimal behavior in the presence of global resources.
2. Derive effective composability test.
3. Derive effective schedulability test for applications.
Design an open environment server framework to:Design an open environment server framework to:
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource Open Environment (BROE) Server [Fisher, Bertogna, & Baruah, 2007]
• Unlimited hierarchal levels.• EDF Global Scheduler.• Global resources.
CPUglobal
scheduler
A1:
LocalScheduler
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
……
RR11 RR22 RRmm……
EDFEDF
R1
R1
R2
R2
RMRM
EDFEDF
StaticStatic
I1
I2
A1’
Iq
R1
Aq’
EDFEDF
RMRM
Allow for preemptive Allow for preemptive execution, if needed.execution, if needed.
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource Open Environment (BROE) Server [Fisher, Bertogna, & Baruah, 2007]
• Unlimited hierarchal levels.• EDF Global Scheduler.• Global resources.
A1:
LocalScheduler
22
33
A2: Local
Scheduler
11
22
Aq: Local
Scheduler
11
……
R1
R1
R2
R2
RMRM
EDFEDF
StaticStatic
I1
I2
A1’
Iq
R1
Aq’
EDFEDF
RMRM
Interface Ii for each Application Server Ai:
• i: “speed” of server.
• i: maximum delay tolerable.
• Hi: maximum preemptive resource-holding time.
Ii < i, i, Hi >
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource Open Environment (BROE) Server Ii < i, i, Hi > Server Rules:1. Each server maintains budget, replenishment
period, and current deadline.• Similar to sporadic task.• “Normal” replenishment period:• Maximum Budget:
)1(2 i
iiP
)1(2 i
iiiE
iFor all intervals of size t > i, execution over interval
should be at least (t- i ) iBackground – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource Open Environment (BROE) Server Ii < i, i, Hi > Server Rules:1. Each server maintains budget, replenishment
period, and current deadline.
2. If server is executing budget is decremented at rate 1/i.
time.ofrest 0,
executing. is A while,/1 iiiEdt
d
Budgettime0
)1(2 i
i
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource Open Environment (BROE) Server Ii < i, i, Hi > Server Rules:1. Each server maintains budget, replenishment
period, and current deadline.
2. If server is executing budget is decremented at rate 1/i.
3. If task of Ai requests resource when Ei < Hi, then defer execution and update replenishment time & next deadline:
Task requests RTask requests Rjj, but , but
EEii < H < Hii
Access to RAccess to Rjj is is
granted heregranted hereiExecution over interval > (t- i)iBackground – Prior Work– Our Results– Open Questions
Our results: Goals1. Obtain optimal behavior in the presence of
global resources.
2. Derive effective composability test.
3. Derive effective schedulability test for applications.
Design an open environment server framework to:Design an open environment server framework to:
Background – Prior Work– Our Results– Open Questions
Our results: Goals1. Obtain optimal behavior in the presence of
global resources. BROE-Server Properties:
• Executing resources preemptively reduces deadline misses within an application.
• Deferring an application’s execution of resources prevents blocking between applications.
Theorem: If application Ai has been validated independently on processor of speed i and each job completes i prior to its deadline, then it will meet all deadlines on BROE server with interface Ii < i, i, Hi > executing on a unit-speed processor.
Design an open environment server framework to:Design an open environment server framework to:
Background – Prior Work– Our Results– Open Questions
Our results: Goals1. Obtain optimal behavior in the presence of
global resources.
2. Derive effective composability test.
Theorem: Applications A1, A2, …, Aq under BROE servers are composable on a unit-speed processor if, 1)(max
11
q
kkj
qjH
Design an open environment server framework to:Design an open environment server framework to:
Background – Prior Work– Our Results– Open Questions
Our results: Goals1. Obtain optimal behavior in the presence of
global resources.
2. Derive effective composability test.
3. Derive effective schedulability test for applications.
Theorem: An application Ai comprised of sporadic tasks will always meet all deadlines when scheduled by EDF on a BROE Server with interface Ii < i, i, Hi > , if and only if for all t > 0,
)(1,0max iikA k
k tep
dt
ik
Design an open environment server framework to:Design an open environment server framework to:
Background – Prior Work– Our Results– Open Questions
Interesting Open Questionss
Interface Selection:• What is optimal selection of interface for an
application? • What if system designer can lie about interfaces?
Can we design mechanisms to induce truthful interfaces?
Multiprocessor/Multicore Open Evironments? Implementation:
• Operating system integration.• AUTOSAR: Automotive Open System Architecture.
Optimization Theory
Game Theory
Parallel & Distributed Systems
Background – Prior Work– Our Results– Open Questions
Summary
Traditional real-time analysis violates many software engineering principles.
Real-time Open Environments:• Composability of real-time applications.• Encapsulation, modularity, & fault containment.
Our contribution:• BROE Server.• Optimal under shared resources.• Effective composability & schedulability tests.
PhD thesis topics abound!
“Shameless” Plugs
Winter 2008: Real-Time Systems (CSC 7991)• Topics:
• Schedulability analysis,• Resource-sharing,• OS issues,• and much more!
• Workload:• 4 Assignments.• Semester-long Project.
“Shameless” Plugs
Open GRA positions for Ph.D. Students:• Theoretical & Implementation problems.• Lots of interesting/relevant open problems.• Travel the world:
• Upcoming Real-Time & Distributed Systems Conferences:• Guadeloupe, French West Indies.
• Kolkata, India.
• Prague, Czech Republic.
• Dublin, Ireland.
• …
Thank You!
Questions?Questions?