Composability and
Schedulability of Real-Time
Applications in Open
Environments
Nathan Fisher
Department of Computer Science
Wayne State University
Outline

Background:
• Real-Time Systems.
• Scheduling Algorithms.
• Open Environments.


Prior Work.
Our Results:
• Framework for real-time applications in an open
environments.
• Validation Tests: Composability & Schedulability


Open Questions & Summary.
“Shameless” Plugs.
What is a Real-Time System?

System Correctness:
• Logical.
• Temporal.

Do all system computations satisfy
associated temporal constraints?
Predictability is more important than
performance.
Background – Prior Work– Our Results– Open Questions
Examples of Real-Time Systems

Real-Time System Examples:
• Safety Critical:
•
Avionic control, power plants, automotive, medical devices,
robotics …
• Consumer Electronics:
•
Cellular phones, MP3 players, digital video devices,…
• Networking:
•
Multimedia streams, QoS constraints, network processing,…
• …
Background – Prior Work– Our Results– Open Questions
Example: Air Traffic-Flight Control
commands sampling
operator-system
rates may
interface

be minutes
or even
state
air traffic
hours
estimator
control
responses
from sensors
Control Subsystem/Application:virtual plant
navigation
set timer to interrupt periodically with period T;

at each timer interrupt do
1. do analog-to-digital
sample y;
stateconversion to get inputflight
2. compute control
output u;
management
estimator
3. output u and do digital-to-analog conversion;
virtual plant
od

state
estimator
air data
flight
control
physical plant
sampling
rates may
be secs.
or msecs.
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System

Processing platform.
• Uniprocessor.
• Unit speed:
• (one unit of execution) per (one unit of time).
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System


Processing platform.
Real-Time workload:
• Job: basic unit of work.
• Characterized by:
time
• Arrival-time.
• Deadline.
• Worst-case execution time.
• Preemptable.
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System


Processing platform.
Real-Time workload:
• Job: basic unit of work.
• Characterized by:
time
• Arrival-time.
• Deadline.
• Worst-case execution time.
• Preemptable.
• Tasks: Recurrent set of jobs.
Background – Prior Work– Our Results– Open Questions
Tasks: Recurrent Jobs
Task A
Control-Subsystem Process A:
set timer to interrupt periodically with period pA;
at each timer interrupt do
1. do analog-to-digital conversion to get
input sample y;
2. compute control output u;
3. output u and do digital-to-analog
conversion;
od
Period = 15
Period: invocation
interval.
Job: control
invocation.
time
Task A
0
10
20
30
40
Background – Prior Work– Our Results– Open Questions
Tasks: Recurrent Jobs
Task A
Task B
Control-Subsystem Process A:
set timer to interrupt periodically with period pA;
at each timer interrupt do
1. do analog-to-digital conversion to get
input sample y;
2. compute control output u;
3. output u and do digital-to-analog
conversion;
od
Period = 15
Control-Subsystem Process
B:
set timer ….period pb
at each timer interrupt do
…..
od
Period = 30
time
Task A
0
10
20
30
40
time
Task B
0
10
20
30
40
Background – Prior Work– Our Results– Open Questions
A Formal Model: Sporadic Task Model
Worst case
Execution
Period
Relative Deadline
Requirement
i = (ei,di,pi)
(ei)
(ei)
(ei)
(ei)
(ei)
time
0
pi
2pi
3pi
4pi
Task Systems of n tasks:
 = {1,…, n}
Background – Prior Work– Our Results– Open Questions
Modeling a Real-Time System



Processing platform.
Real-time workload.
Scheduling algorithm:
• Earliest-Deadline-First (EDF): schedule the job with the
nearest absolute deadline.
• Rate-Monotonic (RM): assign each task i priority equal
to 1/pi (greater number  greater priority); schedule the job
with greatest priority.
Background – Prior Work– Our Results– Open Questions
Scheduling Algorithms
i = (ei,di,pi)
1= (2, 4, 4) =
  = (3, 7, 7) =
2
EDF
1
2
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
time
1
RM
2
8
time
Background – Prior Work– Our Results– Open Questions
Verification of a Real-Time System

Given a real-time system specified by:
• Processing platform: P.
• Real-time workload: .
• Scheduling Algorithm: A.

Schedulability Analysis: determine whether all
jobs generated by task system  meet all
deadlines on P when scheduled according to A.
<P,,A>
Y,  is schedulable by
Schedulability Test
A on P.
N,  is not schedulable
by A on P.
Background – Prior Work– Our Results– Open Questions
Known Verification Techniques
For EDF-scheduled systems:
i = (ei,di,pi)
Theorem: Task system  will always meet all
deadlines on a uniprocessor platform when
scheduled by EDF, if and only if for all t > 0,
  t  di 


max 0, 
 ei  t

  1

 i 
  pi 

For RM-scheduled systems:
Theorem: Task system  will always meet all deadlines
on a uniprocessor platform when scheduled by RM, if
and only if for all i and integers k>0,
 t
t  k  1 pi , k  1 pi  d i  :: kei   
j 1  p j
i 1

 ej  t

Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System Design
Approach:
1. Determine, for every process of every system
application, temporal requirements (i.e., period,
execution time, etc.).
2. Specify each process in a task model (e.g., sporadic
task model).
3. Verify temporal correctness of all tasks using
schedulability analysis techniques.
Assumption: All processes of all real-time applications
have been developed together and are known by the
system designer.
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System Design
Consider our air-traffic control example…
All subsystems
validated together
from sensors
2
commands
operator-system
interface

state
estimator
air traffic
control
virtual plant
navigation
Common
Platform
1
responses
flight
management
state
estimator
3
virtual plant
4
5
state
estimator
air data


flight
control
physical plant
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System Design
Drawbacks:
1. All tasks in the system need to be
validated together and known to
system designer, a priori.
•
Monolithic system design.
2. Each application on shared
platform must use same
scheduling algorithm.
3. Temporally-bad behavior of one
task may affect other tasks.
Violation of System
Design Principles:
• Encapsulation,
Abstraction, &
Dynamic
Extensibility.
• Modularity &
Hierarchical Design.
• Fault-containment.
Solution?
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environments

Framework for composing real-time applications:
• Each application may be independently developed and
verified.
• Each application runs inside a server which has local
scheduler.
• Single interface expresses temporal requirements of
application’s server which is scheduled by global
scheduler.
• System uses composability test to determine whether
applications can be co-executed on same platform.
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environments
A1’s server
Multiple independently-developed, real-
1
A 1:  2
Local
Scheduler
time applications co-execute upon
I1 shared platform:
3
1
A 2:
2
Local
Scheduler
…
1
A q:
2
Local
Scheduler
I2
global
scheduler
CPU
Iq
Roughly speaking, A1, A2, …, Aq are composable if
I1  I 2   I q  ProcessorCapacity 1
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System Design
responses
from sensors
A1 1
state
estimator
2
air traffic
control
virtual plant
navigation
Common
Platform
commands
operator-system
interface

flight
management
state
estimator
3
virtual plant
A2
4
5
state
estimator
air data


flight
control
physical plant
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environment Design
Approach (for an application):
1. Determine, for every process of application,
temporal requirements.
2. Specify each process in a task model (e.g., sporadic
task model).
3. Define server interface for application.
4. Verify temporal correctness of all tasks in application
server using schedulability analysis techniques.
Approach (system-wide):
1. Verify temporal correctness of all applications via
composability test.
Background – Prior Work– Our Results– Open Questions
Traditional Real-Time System Design
Advantages:
1. Application’s temporal constraints
may be validated independently
and need not be known a priori.
•
•
Component-based design.
Service-oriented design.
2. Each application on shared
platform may use different
scheduling algorithm.
3. Application servers isolate
temporally-bad behavior of an
application.
Adherence to System
Design Principles:
• Encapsulation,
Abstraction, &
Dynamic
Extensibility.
• Modularity &
Hierarchical Design.
• Fault-containment.
Background – Prior Work– Our Results– Open Questions
Real-Time Open Environment Design
Approach (for an application):
Focus of
Remainder of talk
1. Determine, for every process of application,
temporal requirements.
2. Specify each process in a task model (e.g., sporadic
task model).
3. Define server interface for application.
4. Verify temporal correctness of all tasks in application
server using schedulability analysis techniques.
Approach (system-wide):
1. Verify temporal correctness of all applications via
composability test.
Background – Prior Work– Our Results– Open Questions
Prior Work
1 R1
A1: 2 R1
Local
Scheduler
RM
[Deng & Liu, 1997] introduced
real-time open environments.

• Two-level hierarchy.
• EDF Global Scheduler.
nonI1 • Global resources. Executed
preemptively
3 R2
1R1
A 2:
2
Local
Scheduler
EDF
…
1 R2
A q:
2
I2
global
scheduler
R1 R2 … Rm
CPU
EDF
Iq
Local
Scheduler
Each resource could be
device or global data
structure.
Static
Background – Prior Work– Our Results– Open Questions
Prior Work
1 R1
A1: 2 R1
Local
Scheduler
RM
[Deng & Liu, 1997] introduced
real-time open environments.

• Two-level hierarchy.
• EDF Global Scheduler.
I1 • Global resources.
Interface Ii for each
Application Server Ai:
3 R2
1R1
A 2:
2
Local
Scheduler
EDF
…
1 R2
A q:
2
I2
•
•
•
Iq
Local
Scheduler
Static
•
i: “speed” of server.
i: maximum delay
tolerable.
i: maximum nonpreemptive resource lock.
i: length of shortest relative
deadline in Ai.
Ii  < i, i, i, i>
Background – Prior Work– Our Results– Open Questions
Prior Work
Ii  < i, i, i, i>

[Deng & Liu, 1997] introduced
real-time open environments.
• Two-level hierarchy.
• EDF Global Scheduler.
• Global resources.
Theorem: Applications A1, A2, …, Aq are
composable if,
 max 

 k   k  max

1 j  q
k 1


q
i j
j
i

 1


Drawbacks:
1. Only two levels possible.
2. Composability test provably non-optimal in the
presence of global resources.
Background – Prior Work– Our Results– Open Questions
Prior Work
1 R1
A1: 2 R1
Local
Scheduler
[Feng & Mok, 2002] BoundedDelay Resource Partition.

• Unlimited hierarchal levels.
• EDF or RM Global Scheduler.
nonI1 • Global resources. Executed
preemptively
3 R2
1R1
A 2:
2
Local
Scheduler
…
1 R2
A q:
2
I2
global
scheduler
R1 R2 … Rm
CPU
Iq
Local
Scheduler
Background – Prior Work– Our Results– Open Questions
Prior Work
A1’R
EDF 1
A1: 2 R1
Local
Scheduler
RM
[Feng & Mok, 2002] BoundedDelay Resource Partition.

• Unlimited hierarchal levels.
• EDF or RM Global Scheduler.
I1 • Global resources.
3 R2
1R1
A 2:
2
Local
Scheduler
EDF
…
1 R2
A q:
Aq’
RM
I2
Iq
global
scheduler
R1 R2 … Rm
CPU
EDF or
RM
Local
Scheduler
Static
Background – Prior Work– Our Results– Open Questions
Prior Work
A1’R
EDF 1
A1: 2 R1
Local
Scheduler
RM
[Feng & Mok, 2002] BoundedDelay Resource Partition.

• Unlimited hierarchal levels.
• EDF or RM Global Scheduler.
I1 • Global resources.
Interface Ii for each
Application Server Ai:
3 R2
1R1
A 2:
2
Local
Scheduler
EDF
…
1 R2
A q:
Aq’
RM
I2
•
•
•
Iq
Local
Scheduler
Static
•
i: “speed” of server.
i: maximum delay
tolerable.
i: maximum nonpreemptive resource lock.
i: length of shortest relative
deadline in Ai.
Ii  < i, i, i >
Background – Prior Work– Our Results– Open Questions
Prior Work
Ii  < i, i, i >

[Feng & Mok, 2002] BoundedDelay Resource Partition.
• Unlimited hierarchal levels.
• EDF or RM Global Scheduler.
• Global resources.
Theorem: Applications A1, A2, …, Aq are
composable (without resources) if,
q

k 1
k
1
Drawbacks:
1. Composability test provably non-optimal in the
presence of global resources.
Background – Prior Work– Our Results– Open Questions
Prior Work Drawback: Resource-Sharing
Composability test provably nonoptimal in the presence of global
resources.
Resource unlocked.
Deadline miss!
Resource locked.
Non-optimality at application level.
Ai
EDF
1
2
0
1
2
3
1= (2, 3, 3) =
  = (3, 9, 9) =
2
4
6
5
R1
7
8
time
9
i = (ei,di,pi)
Background – Prior Work– Our Results– Open Questions
Prior Work Drawback: Resource-Sharing
Composability test provably nonoptimal in the presence of global
resources.
Also, on the system-wide level, an application
can unnecessarily block another application.
Background – Prior Work– Our Results– Open Questions
Our results: Goals
Design an open environment server framework to:
1.
2.
3.
Obtain optimal behavior in the presence of
global resources.
Derive effective composability test.
Derive effective schedulability test for
applications.
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource
Open Environment (BROE) Server
A1’R
EDF 1
A1: 2 R1
3
A 2:
2
A q:
Aq’
RM
execution, if needed.
I1
Local
Scheduler
EDF
…
1 R2
• Unlimited hierarchal levels.
• EDF Global Scheduler.
• Global resources. Allow for preemptive
Local
Scheduler
RM
R2
1R1
[Fisher, Bertogna, & Baruah, 2007]

I2
global
scheduler
R1 R2 … Rm
CPU
EDF
Local
Scheduler
Iq
Static
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource
Open Environment (BROE) Server
A1’R
EDF 1
A1: 2 R1
A 2:
2
I1
Local
Scheduler
EDF
…
1 R2
A q:
Aq’
RM
• Unlimited hierarchal levels.
• EDF Global Scheduler.
• Global resources.
Local
Scheduler
RM
3 R2
1R1
[Fisher, Bertogna, & Baruah, 2007]

I2
Interface Ii for each
Application Server Ai:
•
•
•
Local
Scheduler
Static
Iq
i: “speed” of server.
i: maximum delay
tolerable.
Hi: maximum preemptive
resource-holding time.
Ii  < i, i, Hi >
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource
Open Environment (BROE) Server
Server Rules:
Ii  < i, i, Hi >
Each server maintains budget, replenishment
period, and current deadline.
1.
•
•
•
Similar to sporadic task.
i
P

“Normal” replenishment period: i
2(1   i )


i i
Maximum Budget: Ei 
2(1   i )
For all intervals of size 
t >i i, execution over interval
should be at least (t- i ) i
Background – Prior Work– Our Results– Open Questions
Our Results: Bounded-Delay Resource
Open Environment (BROE) Server
Ii  < i, i, Hi >
Server Rules:
1.
2.
Each server maintains budget, replenishment
period, and current deadline.
If server is executing budget is decremented at
1 /  i , while Ai is executing.
rate 1/i. d
Ei  
dt
 0,
rest of time.
i
2(1   i )
Budget
0
Background – Prior Work– Ourtime
Results– Open Questions
Our Results: Bounded-Delay Resource
Open Environment (BROE) Server
Server Rules:
1.
2.
3.
Ii  < i, i, Hi >
Each server maintains budget, replenishment
period, and current deadline.
If server is executing budget is decremented at
rate 1/i.
If task of Ai requests resource when Ei < Hi,
then defer execution and update
replenishment time & next deadline:
Task requests Rj, but
Access to Rj is
Execution
over interval
> (t-here
 i ) i
Ei < Hi 
granted
i
Background – Prior Work– Our Results– Open Questions
Our results: Goals
Design an open environment server framework to:
1.
2.
3.
Obtain optimal behavior in the presence of
global resources.
Derive effective composability test.
Derive effective schedulability test for
applications.
Background – Prior Work– Our Results– Open Questions
Our results: Goals
Design an open environment server framework to:
Obtain optimal behavior in the presence of
global resources.
1.

BROE-Server Properties:
•
•
Executing resources preemptively reduces deadline misses
within an application.
Deferring an application’s execution of resources prevents
blocking between applications.
Theorem: If application Ai has been validated
independently on processor of speed i and each job
completes i prior to its deadline, then it will meet all
deadlines on BROE server with interface Ii  < i, i, Hi >
executing on a unit-speed processor.
Background – Prior Work– Our Results– Open Questions
Our results: Goals
Design an open environment server framework to:
1.
2.
Obtain optimal behavior in the presence of
global resources.
Derive effective composability test.
Theorem: Applications A1, A2, …, Aq under BROE
servers are composable on a unit-speed processor
q
if,
max( H j )   k  1
1 j  q
k 1
Background – Prior Work– Our Results– Open Questions
Our results: Goals
Design an open environment server framework to:
1.
2.
3.
Obtain optimal behavior in the presence of
global resources.
Derive effective composability test.
Derive effective schedulability test for
applications.
Theorem: An application Ai comprised of sporadic tasks
will always meet all deadlines when scheduled by EDF
on a BROE Server with interface Ii  < i, i, Hi > , if
and only if for all t > 0,
 t  dk 

  ek   i (t   i )
max
0
,

1





p
 k  Ai
k




Background – Prior Work– Our Results– Open Questions
Interesting Open Questionss

Interface Selection:
• What is optimal selection of interface for an Optimization
Theory
application?
• What if system designer can lie about interfaces?
Can we design mechanisms to induce truthful
Game Theory
interfaces?


Multiprocessor/Multicore Open Evironments?
Parallel &
Implementation:
Distributed
Systems
• Operating system integration.
• AUTOSAR: Automotive Open System Architecture.
Background – Prior Work– Our Results– Open Questions
Summary


Traditional real-time analysis violates many
software engineering principles.
Real-time Open Environments:
• Composability of real-time applications.
• Encapsulation, modularity, & fault containment.

Our contribution:
• BROE Server.
• Optimal under shared resources.
• Effective composability & schedulability tests.

PhD thesis topics abound!
“Shameless” Plugs

Winter 2008: Real-Time Systems (CSC 7991)
• Topics:
•
•
•
•
Schedulability analysis,
Resource-sharing,
OS issues,
and much more!
• Workload:
•
•
4 Assignments.
Semester-long Project.
“Shameless” Plugs

Open GRA positions for Ph.D. Students:
• Theoretical & Implementation problems.
• Lots of interesting/relevant open problems.
• Travel the world:
•
Upcoming Real-Time & Distributed Systems Conferences:
•
•
•
•
•
Guadeloupe, French West Indies.
Kolkata, India.
Prague, Czech Republic.
Dublin, Ireland.
…
Thank You!
Questions?