Suzhen Lin, A. Sai Sudhir, G. Manimaran

Real-time Computing & Networking LaboratoryDepartment of Electrical and Computer

EngineeringIowa State University, USA

http://www.ee.iastate.edu/~gmani

ConFiRM-DRTS: A Certification Framework for

Dynamic Resource Management in Distributed Real-Time Systems

2

Outline

Problem statement Model and certification requirements The proposed certification framework Case study of feedback-based

scheduling verification Conclusions

3

Real-time Systems

Logical correctness & timeliness

Real-time tasks have deadlines

Real-time tasks:periodic and aperiodic

4

System Model

Heterogeneous computing nodes Arbitrary network topology Periodic and aperiodic workloads

Local scheduler Global scheduler (load balancer) Packet scheduler

5

Problem Statement

Problem overview Certification of dynamic RM

Technical considerations Virtual homogeneity Performance Stability Verifiability

6

Two Views to Certifiability

How to Certify a given system Testing, verification, validation

Design for Certifiability Employ provable techniques and tools

7

DRE Certification Requirements and Certification Techniques/Tools

Requirements Techniques/Tools

R1: Traditional functional and performance testing

Test decompostion, observability, reproducibility, environment simulation and representativity

R2: Testing of the dynamic resource allocation

Petri nets based verification and simulation

R3: Virtual homogeneity Middleware (e.g., CORBA)

R4: Verification of Schedulability

Feedback control scheduling and simulation

R5: Verification of Stability

Feedback control theory and simulation

8

DRE Certification Test-bed

9

Traditional Functional and Performance Testing

Organization Organize testing into distinct test phases

Observability Observe the correctness of system behavior

Reproducibility Get the same results when the program is

executed

10

Traditional Functional and Performance Testing ...

Environment Simulation It mimics the system behavior through test

runs

Representativity System should be represented by realistic

inputs

Petri Nets for Verification of RT Systems Reachability analysis.

11

Virtual Homogeneity Using RTCORBA

Each RT-CORBA invocation has a priority. RT Portable Object Adaptor(RT POA) for demultiplexing object requests to the appropriate object skeleton.

12

Fault Injection Testing Injecting software faults at compile-time Injecting software faults at run-time

Interface Mutation Testing Involves testing interactions between various

units. Testing Through Equivalent Configurations

Involves allowing configurations that are equivalent to those already tested.

Certification Techniques on an Object-based Middleware System

13

A Distributed Object Monitoring and Testing System

14

Design Methodology for Verifiability of Feedback Control Scheduling

System Modeling Controller Design Model Verification Scheduler Design Experimental Evaluation

15

Two-loop Feedback Scheduling

PID Controllers are Used

16

Performances for Control Systems

Overshoot Settling time Steady-state

error

M

st

eM

ste

17

Performances for Scheduling Systems

taskssubmittedof

tasksadmittedofGRRatioGuarantee

#

#)(

GR1)RR(RatioectionRej

tasksadmitted#

deadlinestheirmeetthattasks#)HR(RatioHit

HR1)MR(RatioMiss

GRHRtaskssubmitted#

deadlinestheirmeetthattasks#)ER(RatioEffective

Goal: to improve ER.

18

Case study—Task Model Aperiodic soft RT task: Estimated Execution Time:

),,,,( iiiiii dBCETWCETraT

)( iiii BCETAvECTetfAvCETEET

ii TofTimeExecutionCaseWorstWCET

ii TofTimeExecutionCaseBestBCET

ii TofTimeExecutionCaseAverageAvCET

19

Case Study—Local Scheduling Systems

Set point: desired MR & RR

Regulated/Measured variable: MR & RR

Control variable: Estimated execution time

Actuator: Execution time estimator

Controller: PI

20

Case Study — Local Scheduling system

21

Stability Analysis for Local System

From Control theory, we get the characteristic equation for the local system in Z domain:

The eigen values of the equation are:

Since , all the eigen values lie within the unit circle, so the local system is stable.

0

11

1

111

//

//

rgfKnfz

zrgfKnf

z

z

mgfKnfz

zmgfKnf

z

z

rmmrmrrm

rmmrmrrm

rgfKnfz

mgfKnfzz

rmmrmrrm

/4

/32,1 1

1,

1

1,0

00 // rgfKnfandmgfKnf rmmrmrrm

22

Case Study—Global scheduling system

The inner loop responds to changes much more quickly than the outer loop.

So we can treat the local system as a model that has transfer function I (identity matrix).

The analysis of the global system is similar to the local system.

23

Conclusion Certifying dynamic RM

Very complex process 100% verification may not be achievable

How to certify a given system Traditional testing, Validation Middleware design methodology

Design for Certifiability Employ mathematically provable techniques E.g., Feedback control scheduling, Petri nets