470 likes | 657 Views
Relaxing the Synchronous Approach for Mixed-Criticality Systems. Eugene Yip , Matthew M Y Kuo , Partha S Roop , and David Broman. RTAS’14. Software Task 1, Task 2, ... Task n. Mixed-Criticality Motivations.
E N D
Relaxing the Synchronous Approach for Mixed-Criticality Systems Eugene Yip, Matthew M Y Kuo, Partha S Roop, and David Broman RTAS’14
Software Task 1, Task 2, ... Task n Mixed-Criticality Motivations Different requirements: timing, security, safety. Criticality: Level of required assurance against failure. Hardware Multi-processor, Multi-core, Multi-threaded, ... Hard/soft/non-real-time Life Mission [Vestal 2007] Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance. [RTCA 1992] Software Considerations in Airborne Systems and Equipment Certification. Non-critical
Related Work • Vestal: Task WCETs more pessimistic at higher criticalities. Over provisioning of resources. • Early-Release EDF: Low critical tasks have a maximum period and shorter desired periods. • Zero-Slack QoS-based Resource Allocation Model: Tasks with lower utility degraded first (selecting longer periods). [Vestal 2007] Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance. [Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems. [de Niz et al. 2012] On Resource Overbooking in an Unmanned Aerial Vehicle.
The Synchronous Approach Environment Task 1 Task 2 int k inti intj j = f(i) k = g(j) • Formal semantics. • Formal verification. • SCADE used in Airbus. Synchrony hypothesis: Executions complete instantaneously. Implementation takes physical time to execute. Validate: WCET is always less than the duration of any tick. Task 1 Task 2 Task 1 Task 2 Task 1 Task 2 Implementation takes physical time to tick. 1 2 3 Logical time [Benveniste et al. 2003] The Synchronous Languages: 12 Years Later.
Related Work • Baruah’s static scheduling approach: • High and low criticality tasks. • Low-criticality tasks may be discarded. • Multi-rate synchronous tasks on uni-processor. • Single-rate synchronous tasks on multi-processor. • Missing: • Multi-rate tasks on multi-processor. • Modelling of mission tasks that can tolerate bounded deadline misses (soft real-time). [Baruah 2012] Semantics-Preserving Implementation of Multirate Mixed-Criticality Synchronous Programs. [Baruah 2013] Implementing Mixed-Criticality Synchronous Reactive Systems Upon Multiprocessor Platforms.
Problem Statement • Synchrony hypothesis requires: • All tasks to be hard real-time: No advantage in prioritizing tasks based on criticality. • WCETs of all tasks for validation: Cannot include (non-critical) tasks with unknown WCETs. • Enough resources to be provisioned for the worst-case: Under-utilization of resources at runtime.
Contributions • Relax the synchrony hypothesis to model mission critical tasks with frequency bounds. • Address the communication between mission critical tasks. • Propose an efficient scheduling of multi-rate, mixed-criticality, synchronous tasks on multi-processors. • Benchmark showing better processor utilization than ER-EDF.
Talk Outline • MC Task and Communication Model • Multiprocessor Scheduling Approach • Performance Evaluation and Discussions • Conclusions and Future Work
MC Task Model • Program is a set of tasks: • Task’s level of criticality: • Task’s release frequency: Life: (constant) Mission: (bound) Non-critical: (goal) • Task’s computation time (WCET analysis): [Wilhelm et al. 2008] The Worst-Case Execution-Time Problem - Overview of Methods and Survey of Tools.
MC Task Communication Model • Instead of instantaneous communication... • Use delayed communication: Data-dependencies limit schedulability and distribution. Delays difficult to analyze for distributed tasks. Tasks use values produced from the previous period. Delays due to data dependencies are avoided.
MC Task Communication Model • Oversampling: • Undersampling:
MC Task Communication Model • Lossless buffering: • Data received in the same sequence as it is sent. Timing of when data is received varies at runtime. • Maximum buffer size
Related Work • Lossless buffering: • Synchronous Data Flow and Rate-Based Execution. • Release of a task depends on receiving a minimum amount of buffered data. • Buffer sizes depend on task scheduling order. [Lee & Messerschmitt 1987] Synchronous Data Flow. [Goddard & Jeffay 2001] Managing Latency and Buffer Requirements in Processing Graph Chains.
Multiprocessor Task Schedulability Notations for task utilization:
Multiprocessor Task Schedulability Schedulability: Given a set of homogenous processors , a task set is schedulable over processors if:
Multiprocessor Scheduling Approach • Static scheduling: • Allocate minimum processor time to life and mission critical tasks to satisfy schedulability. • Distribute slack fairly among mission critical tasks to help improve their frequency. • Dynamic scheduling: • Give non-critical tasks the chance to execute and reach their goal frequency.
Static Scheduling • Base period approach: • GCD of task periods. • Portion of allocated in the base period. • Slack accumulates at the end of each base period. Example: Task C Task D Base period [Caspi & Maler2005] From Control Loops to Real-Time Programs.
Static Scheduling (ILP) • : Base period (GCD). : Processors.: Min and max processor time each life and mission critical task needs in . Cost of delayed communication. Cost of preempting a task. Solution exists if the task set is schedulable.
Static scheduling (ILP) Minimum allocated times: Maximum allocated times: Note, for life critical tasks.
Static scheduling (ILP) • Allocate slack among mission critical tasks: • Additional constraints to guide slack allocation. • E.g., proportionate fairness or marginal utility. • Example: For any two tasks, the task with larger is given proportionally more slack. [Lan et al. 2010] An Axiomatic Theory of Fairness in Network Resource Allocation. [Baruah et al. 1996] Proportionate Progress: A Notion of Fairness in Resource Allocation. [de Niz et al. 2012] On Resource Overbooking in an Unmanned Aerial Vehicle.
Multiprocessor Scheduling Approach • Static scheduling: • Allocate minimum processor time to life and mission critical tasks to satisfy schedulability. • Distribute slack fairly among mission critical tasks to help improve their release frequency. • Dynamic scheduling: • Give non-critical and mission tasks the chance to reach their .
Dynamic Scheduling Statically scheduled life and mission critical tasks. Execute non-critical tasks. Execute mission critical tasks. Execute life critical tasks. Processor 1 2 3 Time (base period) Slack (Dynamic scheduling) • Dynamic scheduling: • Allow task migration. • Tasks execute until they complete or the base period expires. • Pick non-critical tasks that have received the least amount of slack. • Pick mission critical tasks with the least improvement in frequency.
Performance Evaluation • Compare against ER-EDF (the closest work): • High criticality task Life critical task • Low criticality task Mission critical task • Early release points spaced evenly by . • Tasks picked randomly for early release. ER-EDF low criticality task Proposed mission critical task [Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.
Performance Evaluation • Follow the simulation approach of ER-EDF. Generate random task sets: • Divisors of randomly selected for and . [Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.
Performance Evaluation • Control the proportion of life and mission critical tasks generated. • Control the “normalized system utilization”: • Estimated utilization expected at runtime. where, [Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.
Performance Evaluation • Schedulability of the generated task sets: • Each data point is the average of 10,000 random task sets. • 4 processor system. • An average of 118.9 ILP constraints for each task set. • ILP solver (Gurobi) allowed one minute to solve and generate a static schedule. • Less schedulable task sets generated when life and mission critical tasks are in equal proportions. [Gurobiversion 5.6] http://www.gurobi.com
Performance Evaluation • Proportion of life critical tasks varied: • U = 50%, N = 4, 1000 base periods. • Task’s actual execution time between and . System Runtime Utilization • Consistently higher utilization. • Utilization drops off because less mission critical tasks are available to use the slack.
Performance Evaluation • Proportion of life critical tasks varied: • U = 50%, N = 4, 1000 base periods. • Task’s actual execution time between and . Overall Frequency Improvement of Mission Critical Tasks • Higher system utilization leads to higher frequency improvement. • No improvement when there are no mission critical tasks.
Performance Evaluation • Proportion of life critical tasks varied: • U = 50%, N = 4, 1000 base periods. • Task’s actual execution time between and . Fairness Among Mission Critical Tasks unfair • Fairness heuristics performs better when there are many mission critical tasks. • Completely fair when only one mission critical task is generated. fair
Performance Evaluation • Proportion of non-critical tasks varied: • Remaining tasks: Equal proportions of life and mission critical tasks. System Runtime Utilization Overall Frequency Improvement Fairness Non-critical tasks use most of the slack. Mission critical tasks already given slack in the static schedule and rarely picked during dynamic scheduling.
Discussions • Proposed scheduling achieved: • Higher system utilization, frequency improvement, and better fairness. • Proposed scheduling approach supports an extra level of task criticality. • Base period scheduling incurs nearly twice the number of preemptions than ER-EDF. • Solving ILP can be expensive. Can use solver to find locally optimal solutions, like a heuristic.
Conclusions and Future Work • Mission critical tasks (bounded deadline misses) for the synchronous task model. • Lossless communication between multi-rate tasks. • Scheduling on multi-processors to maximize system utilization with fairness. • Future: Study a real system. Extend definition of criticality to include energy use. Develop improved fairness/utility heuristics.
Thank You Questions?
MC Task Model • Program is a set of tasks: • Task’s level of criticality: • Task’s release times: Constant release frequency: Deadline is the next release time. Life-critical task r r+p r+2p Time
MC Task Model • Program is a set of tasks: • Task’s level of criticality: • Task’s release times: Ideal next release time (and deadline). Upper bound on deadline miss. Mission-critical task r r+pmin r r+pmax r+pmin r+pmax Time Bounded release frequency: If a task completes between the bounds, then it is immediately released again.
MC Task Model • Program is a set of tasks: • Task’s level of criticality: • Task’s release times: Ideal next release time. No upper bound on deadline miss. Non-critical task r r+p Time Goal release frequency:
Multiprocessor Scheduling Approach • Traditional static scheduling approaches: Base period and hyper period. • Task C • Task D Hyper period: Makespan = LCM of task periods. Longer schedules. Slack appears between task releases. Base period: Makespan = GCD of task periods. Shorter schedules. More preemptions. Slack accumulates at the end of each base period (easier to track).
Fairness Example Task C Task D • If processor only has 4 units of slack, then , 1, and 1 unit of slack left over. • An inequality would allow task C to take the remaining unit of slack.
ILP Scalability • Time for Gurobi to find the first (locally optimal) solution compared to the final (globally optimal) solution. • Generated 250 random task sets containing 2 to 50 tasks (even numbered). • U = 50%, N = 32, 50% life critical tasks. • Quick to find the first solution. • Similar to using a heuristic.
Preemptions • Normalized system utilization varied: • N = 4, 1000 base periods, 50% life critical tasks. • Task’s actual execution time between and . Average Number of Preemptions on each Processor • Proposed approach is nearly twice that of EDF. • Implementation determines the true cost.
Extra Levels of Criticality • Refining the timing criticality of tasks: • Or mix timing criticality with other kinds of criticalities (e.g., security, safety, and power).