A Compositional Framework for Real-Time ... - Semantic Scholar

A Compositional Framework for Real-Time Guarantees Insik Shin and Insup Lee Department of Computer and Information Science University of Pennsylvania Philadelphia, PA 19104 [email protected], [email protected]

Abstract We address the problem of combining the collective hard real-time resource requirements into a single hard real-time resource requirement supporting composability. We first propose a resource model to characterize a periodic resource allocation and present exact schedulability conditions for our proposed resource model under the EDF (earliest deadline first) and RM (rate monotonic) algorithms. Using the exact schedulability conditions, we then provide methods to abstract the real-time resource requirements that a set of periodic tasks demands under the EDF and RM algorithms as a single periodic task. With these abstraction methods, we introduce a composition method that derives a new temporal requirement from multiple temporal requirements in a compositional manner such that the new temporal requirement is satisfied, if and only if, the multiple temporal requirements are satisfied together.

1 Introduction As embedded systems become more complex due to increased functionalities, it is necessary to develop techniques and methods that facilitate the designing of large complex systems from subsystems. Component technology has been widely accepted as a methodology for designing large complex systems through systematic abstractions. Component-based design provides a means for decomposing a system into components, allowing the reduction of a single complex design problem into multiple simpler design problems, and composing components into a system through component interfaces that abstract their own complexity. Component-based design allows the reuse of components that may have been developed in different environments. A central idea in component-based design is to assemble components into a system without violating the principle of composability; that is, properties that have been established at the component level will also


This research was supported in part by NSF CCR-9988409, NSF CCR-0086147, NSF CCR-0209024, and ARO DAAD19-01-1-

0473.

hold at the system level. When components are composed into a larger component preserving composability, the property of the larger component abstracts the collective properties of smaller components. There has been much work in how to define interfaces for components to ensure composability. Traditionally, interface has emphasis on syntactic convention and type information. Lately, there has been a spate of effort to include behavioral and functional information as part of interface definitions. These approaches focus on ways to specify behavioral and functional aspects of components and how to to check statically the consistency of composed components. For embedded systems that are also real-time systems, it is important that timing guarantees at the component level can be analyzed compositionally as components are combined hierarchically. However, existing interfaces do not support temporal composition of components compositionally, except in trivial cases. We propose a periodic scheduling interface that focuses on abstracting the temporal behavior of components. Based on the periodic scheduling interface, we introduce a compositional framework that provides temporal compostion of components supporting composabililty. Our approach is to provide a component modeling

   , where 





technique for real-time scheduling and schedulability analysis. The scheduling component model is defined as

is a workload demand,

is a resource supply, and

  , where 

is a scheduling algorithm.



The workload demand identifies the workload of a scheduling component. For the workload model, we use the Liu and Layland periodic workload model [7] that is

is a period and

is an

 

execution time requirement. The resource supply describes the amount of resource available to the schedul-





ing component. For the resource model, we use our proposed periodic resource model [8] that is where

is a period and

is an allocation time. The scheduling algorithm defines how the workload

shares the resource at all times. Currently, we consider two scheduling algorithms that are the rate-monotonic (RM) algorithm, an optimal static scheduling algorithm, and the earliest deadline first (EDF) algorithm, an optimal dynamic scheduling algorithm. To support the schedulability analysis of individual scheduling components, we present exact schedulability conditions for our scheduling component model. We then provide composition techniques that can be used to synthesize the periodic requirements of components into the periodic requirements of the system of the components. More specifically, this paper describes the modeling, analysis and composition of scheduling components. Scheduling component modeling is to define a cheduling component such that it can serve the basic unit of scheduling to be characterized. Scheduling component analysis is to allow the schedulability analysis of a component and to derive bounds that can guarantee the schedulability of the component. Here, we identify known exact schedulability analysis techniques and introduce the notion of peridoc capacity bound. Scheduling component composition is to compose the real-time requirements of multiple components into the real-time requirements of a single component. That is, given



scheduling components, we show

how to derive a new scheduling component, called a parent scheduling component, from the components such that the parent scheduling component is schedulable, if and only if, the





scheduling

child components

are schedulable together. The rest of the paper is organized as follows. Section 2 explains how to model a scheduling component. Section 3 provides exact schedulability conditions for our scheduling component and Section 4 shows how to calculate the resource capacity bounds of a scheduling component. Section 5 describes a composition

2

method.

2 Scheduling Component: Modeling Scheduling is to assign resources according to scheduling policies in order to service workloads. The



scheduling can be accurately characterized by a scheduling model that consists of three elements: a re-

 !  , where 

source model, a scheduling algorithm, and a workload model. Thus, we define a scheduling component as



by the scheduling component, component, and



is a workload model that describes the workloads (of applications) to be demanded is a resource model that describes the resources available to the scheduling

is a scheduling algorithm that defines how the workloads share the resources at all times.

2.1 Workload Modeling For real-time systems, the Liu and Layland periodic task model [7] and its various extensions have been accepted as a workload model that accurately characterizes many traditional hard real-time applications, such as digital control and constant bit-rate voice/video transmission. Many scheduling algorithms based on this workload model have been shown to have good performance and well-understood behaviors. For the

$#% &' , where #

& is the period of " and

workload model, thus, we consider the Liu and Layland periodic task model [7] that defines a task is the execution time requirement of

"

"

as

. We assume that each task is

independent and preemptive.

2.2 Scheduling Algorithms For the scheduling algorithm, we currently allow the rate monotonic (RM) algorithm, which is an optimal fixed-priority scheduling algorithm, and the earliest deadline first (EDF) algorithm, which is an optimal dynamic scheduling algorithm.

2.3 Resource Modeling Resources can fall into two categories depending on whether they are exclusively allocated to a single scheduling component or they are shared by multiple scheduling components as follows:

(

Dedicated Resource: A resource is said to be dedicated if it is available to a single scheduling component at all times at its full capacity.

(

Shared Resource: A resource is said to be shared if it is not a dedicated resource.

Depending on the nature of resource sharing, we can further classify shared resources as follows:

(

Fractional Resource: A resource share is said to be fractional if it is available to a scheduling compo-

(

nent at all times but at a fractional capacity. Partitioned Resource: A resource share is said to be partitioned if it is available to a scheduling component at some times at its full capacity but not available at all at the other times. 3

A fractional resource is naturally modeled as

)*,+) , where +)

is a fractional capacity of

)

that is

available to a scheduling component. Unlike the fractional resource, however, it is not easy to develop an

-,+- .-/ , where +-

.-

intuitive model for a partitioned resource. Feng and Mok proposed the bounded-delay resource partition model

is the bounded delay between the partitioned resource and a fractional resource with a capacity

- 0+ -  . -

+-

is the overall capacity (on utilization) of a partitioned resource and

[4].

)*,+)/ , where + -21 +) . - ,+ -  . - and ),+ - : More specifically, their model is to characterizes the following property between & &54 ) , the time distance between & and &64 over when an event happens 3 time after another event over . - and 398 . - . is between 3%7

A key idea of their partitioned resource model is that this model characterizes a behavior of a partitioed resource

with reference to its corresponding fractional resource

The bounded-delay resource partition model is proposed to characterize a delay between a partitioned resource and its corresponding fractional resource. This model is not necessary to characterize the periodic behavior of a partitioned resource. However, when a resource is allocated for a periodic workload, such a

: ;=?

=

;

resource allocation might have a periodic behavior. Our approach is to restrict to the periodic resource model

; is a positive integer and a resource allocation time = is a real number in @A ;B . For example, : CD EF describes a partitioned resource that guarantees 3 time units every 5 time units, : GHIGJ represents a dedicated resource that is available all the time, for any integer G . and in order to characterize a partitioned resource that guarantees allocations of

time units every

time units, where a resource period

3 Scheduling Component: Schedulability Analysis

 workloads

A scheduling component

,  





is said to be schedulable if the real-time requirement of the set of

can be satisfied under the scheduling algorithm

with the resource

. In this section, we

address the problem of analyzing the schedulability of a scheduling component. This section presents the sufficient and necessary schedulability conditions for a set of periodic workloads under the EDF algorithm and a fixed-priority scheduling algorithm with a periodic resource. Motivating example.

We first present a motivating example to show the difficulty of schedulability analysis

-,+- .-K describes the property between a partitioned resource - and its corresponding fractional )*0+) , where + -L1 +) : when an event & happens 3 time after another event &54 over ) , the resource & &54 - is between 3M7 . - and 398 . - . This property yields the following time distance between and over - is schedulable if all the tasks in the sufficient schedulability condition: a scheduling component with ) at least . - time earlier than their deadlines. The scheduling component complete their execution over - ,+ -  . - is to specify the real-time guarantees of a partitioned bounded-delay resource partition model - is performed resource allocation. However, their schedulability analysis of a scheduling component with of a scheduling component that contains a partitioned resource. The bounded-delay resource partition model

-,+- .-K   0  +- .-N . schedulability of a scheduling component containing

as if the scheduling component contains a fractional resource. Example 1 shows how to model a partitioned resource with a bounded-delay resource partition model

4

and then shows how to analyze the

resource demand

10

linear upper−bound of resource demand resource demand

5

5

10

15

20 time

Figure 1. An example of a maximum demand bound and its linear upper-bound.

"9O 0PQ EF and "SR ,TDUFVU6 , that are to execute under the EDF schedul that guarantees the resource allocations of 3 time units eving algorithm with a partitioned resource ery 5 time units. In modeling this partitioned resource with a bounded-delay resource partition model - ,+ -  . - , + - and . - are determined as follows: +- 1 EQWXC and .- 1ZY  by Definitions 4 and 7 in [4].  \[ " O  " R']  - @A^ _A Y ` uv & s ^

amount of resource allocation that the workload set requests. For a periodic workload set

, we define a

that calculates the maximum resource



  3 is a discrete step function. Here, the following lemma  in Figure 1, the resource demand function i9jMk  3 . shows a linear function that upper-bounds i%jMk It is shown in Example 3 that the schedulability of w is conclusive, when the partitioned resource x is modeled with our proposed Figure 1 shows an example of the maximum resource demand of a periodic workload set

1

periodic resource model.

5

. As shown

resource supply resource demand

resource supply

20

15

10

5

interval length 5

10

15

20

25

30

40

35

Figure 2. An example of EDF schedulability analysis.

yi%jk   3 upper-bounds i%jk   3 yi%jk  3 1 +N v 3 d 9i jMk  3 > +N is the utilization of the workload set  . where Lemma 1 ([8]) A linear demand bound function



as follows:

Lemma 2 (Traditional EDF Schedulability Analysis with Dedicated Resource) With a dedicated resource, a workload set

is schedulable with the EDF scheduling algorithm if and only if the resource demand dur-

ing a time interval is no greater than the length of the time interval for all time intervals during a hyperperiod

i%jk  3 z 3 

[2], i.e.,

~} where |

for all

@h 3 z{T v6| ~}€

 is the least common multiplier of the periods of all the workloads in the workload set

Implications of traditional schedulability condition.

(1) .

The traditional schedulability condition of Eq. (1)

basically means that for any time interval, the resource demand of a workload set during the time interval should be no greater than the resource supply of a resource during the same interval. Since the resource demand of a workload set is independent of a resource, the left-hand side of Eq. (1) is not affected by a partitioned resource. However, the right-hand side of Eq. (1) that represents the resource supply should change depending on partitioning of the resource. Resource Supply to Scheduling Component.

We define the resource supply of a resource as the amount

of resource allocations that the resource provides. During a time interval, a dedicated resource can clearly

: ; a~< , where : “UFVU5 reprea~ is a fixed-priority scheduling algorithm, ?4 is schedulable if and only if the sents a dedicated resource and  is no greater than its relative deadline [6]. The worst-case worst-case response time of each workload in s s s response time ” of a workload " occurs when " experiences the worst-case interference from its highers priority workloads. " is maximally interfered by its higher-priority workloads when it is released together with all of its higher-priority workloads at the same time, which is called a critical instant. Using the iterative s response time analysis method introduced in [1], ” can be computed as follows:  s O l ” •ž# –6Ÿ ˜ v &  where " 1 $#  & ` s”F•—–>˜ 1 & s 8 (4)   œ – – – – n'™5pŽšK› n5o –¡  • ˜ ‰  ,     , s

s  " denotes where ¢ a subset of that consists of the higher-priority workloads of " . The iteration s 1 ” s •ž–6Ÿ O ˜ , where ” s •¤£ ˜ 1 &5s . continues until ” •ž–`˜ Maximum Response Time.

For a given scheduling component

Service Time over Periodic Resource. We define the service time of a resource as the duration that it takes

3

for the resource to provide a resource supply. It is obvious that it takes a service time of time units for a dedicated resource to provide a resource supply of

3

time units. It is also clear that it takes a service time

3 3   ¥ ; I  ? =



: a periodic resource , we define a service time bound function ¦‚jk6ƒ 3 of a resource supply of 3 : calculates the maximum service time of for a 3 -time-unit resource supply as follows: ¦‚jk6ƒ  3 1 ; 7 =? 8 ; v q = 3 u 8„ § 

longer than or equal to time units for a partitioned resource to provide a resource supply of time units. For

8

that

(5)

= ¬§ ª« ; = „ § 1©¨ @ 7 83M7 q u

where

if

‹ 37 = ¬ § ub­ @  q

otherwise

(6)

:

for a resource supply of 3 . The 

service time bound function ¦‚jk ƒ 3 is a non-decreasing step function. Here, the following lemma shows a  linear function that upper-bounds ¦VjMk‚ƒ 3 .   Lemma 4 ([8]) A linear service time bound function y®¦‚jk ƒ 3 upper-bounds ¦‚jk ƒ 3 as follows: ; y¦VjMk ƒ  3 1 = v 3¯8 TA; 7 =? Kd ¦VjMk ƒ  3 >^ Figure 4 (a) illustrates how Eq. (5) calculates the maximum service time of

: , CD EF . Figure 4 (b) plots its maximum service time ¦VjMk‚ƒ  3 and  its linear service time upper bound y®¦VjMk‚ƒ 3 . For instance, it takes up to 7 time units to receive a resource Example 4 Consider a periodic resource

supply of 3 time units.

”s

"s



Maximum Response Time with Periodic Resource. For the schedulability analysis of , we now consider

: ;¥I=? . The response time analysis method of Eq. (4) has been developed under the traditional resource

the worst-case response time

of a workload

under fixed-priority scheduling with a periodic partitioned

assumption of a dedicated resource and therefore under the assumption that the service duration of a resource

3

3

for a resource supply of time is time. The service duration of a partitioned resource for a resource supply

3

3

"s

: ;˜ >

(7)

 s O : l ° s •ž–>˜ 1 & s 8 ”•ž–6Ÿ # ˜ v&–^ (8) 'n ™6pŽšK›  œ 5n o –   ˜ s  : repre°`s captures the worst-case interference to a workload• " s from its higher-priority workloads, and ” °`s s 1 ” s •ž–5Ÿ O ˜ , sents the maximum service duration of a resource supply of . The iteration continues until ” •ž–>˜ s 1 & s. where ”•±£ ˜  :  a~< , Theorem 2 (Fixed-Priority Schedulability Analysis [8]) For a given scheduling component a~ is a fixed-priority scheduling algorithm,  is schedulable if and only if where where

‘ " s ² ³’ ” s  : *z€# s  where " s91 $# s  & s (9)  : ,CD E > ?}´ , where  1 [ " O 0PQ E > " R TDUFVU5 ] . In Example 5 Consider a scheduling component  this example, we first show how to calculate the maximum response time of "9O in . According to Eq. (8), ° O • O ˜ 1 E 8¶µ @WXE'· v E 1 E . According to Eq. (7), ”O• O ˜  : 1 ¦VjMk ƒ EF 1 C 7 E 8 E vM¸ EWXE'¹ 8c„ § 1 C , 1 @ . Subsequently, ° • R ˜ 1 E and ” • R ˜  : 1 C . Since ” • R ˜  : 1 ” • O ˜  : , the iteration stops where „ § O O O O 9

 : 1 C . We then show how to calculate ”‚R  : . Initially, ° R • O ˜ 1 U 8ºµ U'W'E'· v E 1»Y and 5 ” O ” R • O ˜  : 1 ¦‚jk ƒ  Y 1 ,C 7 EF 8 E v¸ Y WXE'¹ 8¼„ § 1 U6@ , where „ § 1 E 7 TŽ 8 Y 7 E v¸ Y WXE'¹ 1 T . Then, ° R • R ˜ 1 P R  : 1 U6C . Subsequently, ° R •¤½ ˜ 1 U‚@ and ” R •¤½ ˜  : 1 TX@ . Eventually, ° R •±¾I˜ 1 U‚@ , ” R •±¾I˜  : 1 TX@ . Since and ” R • ˜ ”R •¤½ ˜  : 1 ”FR •ž½ ˜  : , the iteration stops here, and ” R  : 1 TŽ@ . According to Theorem 2, since ” O  : *z# O and ” R  : Kz¼# R ,  is schedulable. here, and

4 Scheduling Component: Periodic Capacity Bounds For a scheduling model







that characterizes its two elements but does not characterize the other element,

 terizes its workload

: and scheduling algorithm , we find a periodic capacity bound for its resource that  :   . guarantees the schedulability of  : ;¥I=? as =~W'; . In this section, given a set We define the periodic capacity ƒ of a periodic resource  under a scheduling algorithm , we address the problem of characterizing a set of of periodic workloads  under . A reasonable approach is to classify periodic resources that satisfy the timing requirements of we address the problems of deriving a schedulability bound for the missing element of